I have a hiera construct that provides certificate names for the apache module that looks like this:
profiles::web_host::vhosts::params:
'subdomain.domain.de'
serverName: 'subomain.domain.de'
certificateName: 'wildcard.domain.de'
'subdomain2.domain.de'
serverName: 'subomain2.domain.de'
certificateName: 'wildcard.domain.de'
In my webserver profile there's a lookup for the params
$vhostParams = lookup("profiles::web_host::vhosts::params")
And then I'm looping over the params:
$vhostParams.each |$key, $vhOptions| {
if $vhOptions['certificateName'] {
$certificateName = $vhOptions['certificateName']
}
}
Here's the problem: As soon as you use a wildcard certificate (as intended) for multiple subdomains there's a duplicate definition for the variable $certificateName.
I experimented with .unique applied to the variable as well as during the lookup $vhostParamsMerged1 = lookup('profiles::web_host::vhosts::params',Hash,'uniq',undef) without much success.
I'd be glad if you can help.
Kind regards, Thomas
Thanks all for looking into this :) I was ill for a while so sorry for my late feedback. You're right I should've postet the whole profile but it contains some hostnames I dont want to go public.
I solved it by workaround. The same certificate is now put into many files based on the vhost it is used by.
If anyone has a solution how to use the puppet function .each looping through hiera, create an array/hash and use only unique values - I'm still interested.
For everyone who has a similar problem: Like always - you just have to make all your resources unique.
For my case the code now looks a like this (each time for ssl certificate and key):
$vhostParams.each |$key, $vhOptions| {
[...]
#
# Certificate(s)
#
file { "Web Server vhost $defaultSslZone SSL Key for ${key}":
# notifies the apache service to do a reload
notify => Class['apache::service'],
[...]
apache::vhost { "${key}":
ssl => true,
ssl_cert => "${cCERTS_BASE_DIR}/${sslZone}-${key}_cert.pem",
ssl_key
}
=> "${cCERTS_BASE_DIR}/${sslZone}-${key}_key.pem",